package com.hspedu.com.jdbc.statement_;

import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.sql.*;
import java.util.Properties;
import java.util.Scanner;

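/**
 * Demonstrates the SQL injection problem of {@link java.sql.Statement}.
 *
 * <p>The login query below is assembled by concatenating console input into the SQL text.
 * Any quote character typed by the user therefore becomes part of the statement itself
 * instead of staying data, so the WHERE clause no longer means what the author wrote.
 * This class keeps that flaw on purpose so it can be observed. Real code must bind user
 * input through {@link java.sql.PreparedStatement} with {@code ?} placeholders.
 *
 * @author DL5O
 * @version 1.0
 */
@SuppressWarnings("all")
public class Statement_ {
    /**
     * Reads an administrator name and password from standard input, runs the login query
     * against the database described by {@code src/jdbc.properties}, and prints whether a
     * matching row was found.
     *
     * @param args unused
     * @throws IOException            if the properties file cannot be read
     * @throws ClassNotFoundException if the configured JDBC driver class is not on the classpath
     * @throws SQLException           if connecting or querying fails
     */
    public static void main(String[] args) throws IOException, ClassNotFoundException, SQLException {

        // Not closed on purpose: closing the Scanner would also close System.in.
        Scanner sc = new Scanner(System.in);
        // Ask the user for the administrator name and password.
        System.out.print("请输入管理员的名字:");
        // nextLine() returns the whole line, spaces included; the demonstration relies on
        // that, because next() would stop at the first whitespace.
        String admin_name = sc.nextLine();
        System.out.print("请输入管理员的密码:");
        String admin_pwd = sc.nextLine();

        Properties properties = new Properties();
        // try-with-resources closes the reader; the original left it open.
        // A forward slash is accepted on Windows as well, so the path is no longer
        // tied to one platform.
        try (FileReader reader = new FileReader("src/jdbc.properties")) {
            properties.load(reader);
        }
        String user = properties.getProperty("user");
        String password = properties.getProperty("password");
        String url = properties.getProperty("url");
        String driver = properties.getProperty("driver");

        // 1. Register the driver (explicit registration, as the original recommends).
        Class.forName(driver);

        // INTENTIONALLY VULNERABLE - do not copy into real code.
        // admin_name and admin_pwd are untrusted console input and are spliced into the
        // SQL text without escaping or binding. The safe form is
        //   "select name,pwd from admin where name = ? and pwd = ?"
        // run through connection.prepareStatement(...) with setString(1, ...) and
        // setString(2, ...), which keeps the input as data.
        // NOTE(review): the query compares the typed password with the pwd column directly,
        // which suggests passwords are stored in clear text - confirm against the schema;
        // a real system stores a salted password hash (bcrypt/scrypt/argon2).
        String sql = "select name,pwd from admin where name = '" +
                admin_name + "' and pwd = '" + admin_pwd + "'";

        // 2. Get the connection, 3. create the statement, 4. run the query.
        // try-with-resources releases all three in reverse order even when a
        // SQLException is thrown; the original leaked them on any failure.
        try (Connection connection = DriverManager.getConnection(url, user, password);
             Statement statement = connection.createStatement();
             ResultSet resultSet = statement.executeQuery(sql)) {

            // At least one returned row is treated as a successful login.
            if (resultSet.next()) {
                System.out.println("恭喜，登陆成功");
            } else {
                System.out.println("对不起，登陆失败");
            }
        }
    }
}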
